<rdar://problem/6123770> Restrict access to document.cookie when making a cross-site XHR

WebCore:

xml/XMLHttpRequest.cpp: (WebCore::XMLHttpRequest::responseXML): Removed an incorrect
comment about cookie support. Firefox doesn't expose cookies on responseXML at all, and
there are security concerns with exposing them for cross-origin requests, so it's not clear
if we want to change anything here.

LayoutTests:

http/tests/security/cookies/xmlhttprequest.html: We don't expose cookies for documents
retrieved via XMLHttpRequest. Added a check to make sure that we don't forget about cross-origin
restrictions if we ever decide to change that.

http/tests/xmlhttprequest/resources/get-set-cookie.cgi: While at it, fixed a broken check
for Set-Cookie2.

Fix hit testing of absolutely positioned single line text controls by
ensuring that we set result.innerNode() correctly. If the hit node is
a descendant of the inner text element or if it is the <input> itself,
then we say we hit the innerTextElement.

Rename hitInnerTextBlock() to hitInnerTextElement() to match the
'innerTextElement' terminology used elsewhere.

Assert that if renderer()->hitTest() returns false, no-one set
result.innerNode().

Fix for <rdar://problem/6624769> REGRESSION (Safari 4 PB): No
scroll bar appears for long line of text with NOWRAP set

This is a regression from http://trac.webkit.org/changeset/32226.
I talked with Dan about the original change, and we decided that
the best fix was to remove his small potential-optimization that
only created a separate line box for whitespace under certain
circumstances. This new code will always create a separate line
box.

Round CFAbsoluteDates to the nearest second when converting to/from the Windows DATE format.

This corrects for inaccuracies introduced by round-tripping between DATE (day based) and CFAbsoluteDate (second based).
The WebKit COM API on Windows uses DATE, while our history storage uses CFAbsoluteTime. This could lead to WebKit
saying there was browsing history for a particular day, and then return no history items when we requested a
list of sites visited that day.
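As an added illustration of the rounding fix (not WebKit's own MarshallingHelpers code): a DATE is a double counting days since 1899-12-30, a CFAbsoluteTime a double counting seconds since 2001-01-01 UTC, 36892 days apart. The unrounded conversions let whole-second timestamps drift by sub-second amounts across a round trip; rounding to the nearest second at each conversion keeps them stable.

```cpp
#include <cmath>

typedef double DATE;            // days since 1899-12-30 (Windows automation DATE)
typedef double CFAbsoluteTime;  // seconds since 2001-01-01 00:00:00 UTC

static const double kDaysBetweenEpochs = 36892.0;  // 1899-12-30 -> 2001-01-01
static const double kSecondsPerDay = 86400.0;

// Unrounded conversions: a DATE stores the time of day as a binary fraction of
// a day, so most whole-second times are not exactly representable and the
// round trip comes back a few hundred nanoseconds off.
CFAbsoluteTime DATEToCFAbsoluteTimeUnrounded(DATE date) {
    return (date - kDaysBetweenEpochs) * kSecondsPerDay;
}
DATE CFAbsoluteTimeToDATEUnrounded(CFAbsoluteTime t) {
    return t / kSecondsPerDay + kDaysBetweenEpochs;
}

// Rounded conversions, as the change describes: snap to the nearest second
// in both directions so the tiny conversion error cannot move a timestamp.
CFAbsoluteTime DATEToCFAbsoluteTime(DATE date) {
    return std::floor((date - kDaysBetweenEpochs) * kSecondsPerDay + 0.5);
}
DATE CFAbsoluteTimeToDATE(CFAbsoluteTime t) {
    return std::floor(t + 0.5) / kSecondsPerDay + kDaysBetweenEpochs;
}

// Count whole-second CFAbsoluteTimes in [start, start + count) that do not
// come back unchanged after a trip through DATE. A drifted timestamp is what
// made the history lookup for "that day" miss items that were really there.
int countRoundTripFailures(bool rounded, CFAbsoluteTime start, int count) {
    int failures = 0;
    for (int i = 0; i < count; ++i) {
        CFAbsoluteTime t = start + i;
        CFAbsoluteTime back = rounded
            ? DATEToCFAbsoluteTime(CFAbsoluteTimeToDATE(t))
            : DATEToCFAbsoluteTimeUnrounded(CFAbsoluteTimeToDATEUnrounded(t));
        if (back != t)
            ++failures;
    }
    return failures;
}
```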

dom/Range.cpp:
(WebCore::Range::compareBoundaryPoints): Split out assertion. It's better not to
use && in assertions since we'd like to know which condition is failing.

editing/ApplyStyleCommand.cpp:
(WebCore::ApplyStyleCommand::applyInlineStyleToRange): Added a null check before
calling compareBoundaryPoints, since a 0 for the node is ambiguous and so the
function doesn't know which value to return.

Implement the Cairo version of the checkForSolidColor() method. This halves the
time to draw on 1x1 px background images.
I added two new calls to Color for the pixel manipulation on cairo_surfaces.
They are needed to premultiply/unpremultiply the colors of the surface.

Add support for registering noAccess URL schemes:
1- Add FrameLoader::registerURLSchemeAsNoAccess, and have SecurityOrigin check
that list upon construction (similar to how isLocal is implemented).
2- Make InspectorController call grantUniversalAccess on its Document's
SecurityOrigin at the time when windowScriptObjectAvailable is called.

This enables content such as the inspector to be loaded from a custom (non-file)
URL, which is how Chromium loads the inspector. It also allows other URL schemes
to be treated like data: URLs, which Chromium utilizes for its various HTML-based
UI panels.
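An added model of the access rule this entry describes, written for illustration and not taken from WebCore's SecurityOrigin: the scheme list is consulted once at construction (as isLocal is), a noAccess or data: origin can reach no other origin, and grantUniversalAccess lifts that for the inspector's document. The scheme name "chrome-ui" and the URLs are constructed; ports are ignored to keep the model short.

```cpp
#include <set>
#include <string>

// Process-wide list consulted by SecurityOrigin on construction (the ChangeLog
// puts the registration on FrameLoader; a free function stands in for it here).
static std::set<std::string>& noAccessSchemes() {
    static std::set<std::string> schemes;
    return schemes;
}
void registerURLSchemeAsNoAccess(const std::string& scheme) {
    noAccessSchemes().insert(scheme);
}

class SecurityOrigin {
public:
    // Parses "scheme://host..." (ports ignored to keep the model short).
    // Schemes on the noAccess list, like data:, get an origin that can reach
    // nothing else, decided once at construction the way isLocal is.
    explicit SecurityOrigin(const std::string& url)
        : m_universalAccess(false) {
        std::string::size_type colon = url.find(':');
        if (colon != std::string::npos)
            m_scheme = url.substr(0, colon);
        std::string::size_type hostStart = url.find("//");
        if (hostStart != std::string::npos) {
            hostStart += 2;
            std::string::size_type hostEnd = url.find_first_of(":/", hostStart);
            m_host = url.substr(hostStart, hostEnd - hostStart);
        }
        m_noAccess = m_scheme == "data" || noAccessSchemes().count(m_scheme) > 0;
    }

    // What InspectorController calls on its Document's origin when
    // windowScriptObjectAvailable fires: the inspector page may touch any origin.
    void grantUniversalAccess() { m_universalAccess = true; }

    bool canAccess(const SecurityOrigin& other) const {
        if (m_universalAccess)
            return true;
        if (m_noAccess || other.m_noAccess)
            return false;  // either side is data:-like: no cross-origin access
        return m_scheme == other.m_scheme && m_host == other.m_host;
    }
    bool isNoAccess() const { return m_noAccess; }

private:
    std::string m_scheme, m_host;
    bool m_noAccess, m_universalAccess;
};
```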

As suggested in dom/Position.h, this patch gets rid of the
'offset()' accessor and renames posOffset to m_offset. I've used
m_offset instead of offset to follow the style guidelines, since
Position is still a class and not a structure. If the long term
plan is still to make it a structure it would be pretty easy to
just s/m_offset/offset/ globally when that is achieved.

editing/markup.cpp: (WebCore::createMarkup): Added updateLayoutIgnorePendingStylesheets
call to the one of the two overloads of this function that wasn't calling it. This fixes
this crash and other possible crashes inside innerHTML.

This removes TextDecoder class, since its only purpose was to check for BOM, which is
already done in TextResourceDecoder. Callers that use TextEncoding::decode() won't get
BOM checked, but I didn't find any cases where it would significantly change behavior.

loader/TextResourceDecoder.cpp:
(WebCore::TextResourceDecoder::TextResourceDecoder): Updated for m_encoding being a member.
(WebCore::TextResourceDecoder::setEncoding): Ditto.
(WebCore::TextResourceDecoder::checkForBOM): Removed a FIXME saying that a BOM could override
even a user-chosen encoding - this is how it already worked due to TextDecoder checking for
BOM again. Made this function return the detected BOM length.
(WebCore::TextResourceDecoder::decode): Skip the BOM if it was found at the beginning of
a text resource.
(WebCore::TextResourceDecoder::flush): Reset m_checkedForBOM, so that re-decoding the same
resource again (as frequently done by CachedResource subclasses) will skip the BOM correctly.

platform/text/TextEncoding.cpp: (WebCore::TextEncoding::decode):
Use TextCodec directly without a TextDecoder wrapper. This means that this method no longer
checks for BOM, which was a counter-intuitive feature.

loader/appcache/ManifestParser.cpp:
(WebCore::parseManifest):
Use TextResourceDecoder, as TextEncoding::decode() no longer checks for BOM.
A side effect of this is that these resources will now be subject to encoding auto-detection.

loader/CachedFont.cpp: (WebCore::CachedFont::ensureSVGFontData):

page/Page.cpp: (WebCore::Page::userStyleSheet):
Be sure to flush TextResourceDecoder, pushing any remaining bytes out, and making the decoder
re-usable (for repeated decoding of the same resource).
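An added illustration (not WebCore's TextResourceDecoder) of the bookkeeping this entry describes: checkForBOM returns the length of the BOM it found and sets the encoding, decode skips that many bytes once per resource, and flush resets the check so the same decoder can decode the same bytes again. The codec step is a stand-in byte copy, and the BOM is assumed to arrive in the first chunk.

```cpp
#include <cstddef>
#include <string>

// Returns the BOM length (0 if none) and sets the encoding it implies; this is
// the "return the detected BOM length" contract the entry gives checkForBOM.
std::size_t checkForBOM(const std::string& data, std::string& encoding) {
    const unsigned char* p = reinterpret_cast<const unsigned char*>(data.data());
    std::size_t n = data.size();
    if (n >= 3 && p[0] == 0xEF && p[1] == 0xBB && p[2] == 0xBF) { encoding = "UTF-8"; return 3; }
    if (n >= 2 && p[0] == 0xFF && p[1] == 0xFE) { encoding = "UTF-16LE"; return 2; }
    if (n >= 2 && p[0] == 0xFE && p[1] == 0xFF) { encoding = "UTF-16BE"; return 2; }
    return 0;
}

class TextResourceDecoder {
public:
    explicit TextResourceDecoder(const std::string& defaultEncoding)
        : m_encoding(defaultEncoding), m_checkedForBOM(false) {}

    // Decode one chunk. The BOM is looked for once per resource (assumed to
    // arrive in the first chunk) and skipped; when present it overrides even a
    // user-chosen encoding, which is the behaviour the removed FIXME described.
    std::string decode(const std::string& chunk) {
        std::size_t skip = 0;
        if (!m_checkedForBOM) {
            m_checkedForBOM = true;
            skip = checkForBOM(chunk, m_encoding);
        }
        return chunk.substr(skip);  // stand-in for TextCodec::decode
    }

    // Push out any remaining bytes (none in this stand-in) and reset the BOM
    // check, so decoding the same resource again skips its BOM correctly.
    std::string flush() {
        m_checkedForBOM = false;
        return std::string();
    }

    const std::string& encoding() const { return m_encoding; }

private:
    std::string m_encoding;
    bool m_checkedForBOM;
};
```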

Implement importScripts. It currently uses a series of synchronous loads
to fetch the scripts, but this is simpler than a synchronous load of
multiple loads in parallel. In future we'll want to switch to parallel
loading, but this will do for now.

r41508 actually exposed a pre-existing bug where we were not invalidating the result
register cache at jump targets. This causes problems when condition loads occur in an
expression -- namely through the ?: and operators. This patch corrects these issues
by marking the target of all forward jumps as being a jump target, and then clears the
result register cache whenever it starts generating code for a targeted instruction.

I do not believe it is possible to cause this class of failure outside of a single
expression, and expressions only provide forward branches, so this should resolve this
entire class of bug. That said I've included a test case that gets as close as possible
to hitting this bug with a back branch, to hopefully prevent anyone from introducing the
problem in future.

Removed the redundant localToContainerQuad() methods, which can now
share code with the old mapLocalToAbsolutePoint(), which was
renamed to mapLocalToContainer(). This can now convert a point,
and optionally a FloatQuad, which are carried along in the TransformState.

Optimized TransformState to reduce to simple FloatPoint.move()
if there are no transforms, and to heap-allocate a transform only if
necessary to accumulate transforms (when using preserve-3d).

Tested by 3d point mapping tests, and the inspector highlight (which now shows
the correct quads for 3d-transformed elements).

https://bugs.webkit.org/show_bug.cgi?id=24463
WebCore::qstring is detaching and copying twice for every single
WebCore::TextRun that is processed and drawn. This elevates this method
to one of the top-ten most expensive methods in all of QtWebKit according
to profiling. This changes the method so that QString only detaches
when absolutely necessary.

Don't cast a type to JSArray, just because it reports Array as a supertype
in the JS type system. Doesn't appear feasible to create a testcase
unfortunately as setting up the failure conditions requires internal access
to JSC not present in DRT.

Get the index of the current item from the list of (history) items
to print before adding the back history items to the list. This
will make the 'curr' pointer point to the correct item in the
actual results, therefore, passing some of the http/tests/history
tests.

Fix for <rdar://problem/6607524> REGRESSION (Safari 3-4): I can't tab back to the URL field in an empty window (key loop is broken)

I haven't been able to make a test for this since the problem is not reproducible within an empty iframe.

page/EventHandler.cpp: (WebCore::eventTargetNodeForDocument): We used to ensure that every html document had a body element.
That is no longer true, so we should return the document element for a truly empty document.

Adding a flag to ResourceRequestBase to indicate whether or not upload
progress notifications are needed for a resource. This is useful to
avoid sending these notifications when there are no consumers
(especially in the Chromium case where IPC is involved).

workers/WorkerContext.cpp:
(WebCore::WorkerContext::WorkerContext):
(WebCore::WorkerContext::encoding):
(WebCore::WorkerContext::completeURL): Added comment on why this is different from Document::completeURL

workers/WorkerThread.h:
All of the above route the 'encoding' parameter of parent context to the new
instance of WorkerContext - from Worker::notifyFinished() via WorkerMessagingProxy
through WorkerThread through WorkerThreadStartupData and into constructor of WorkerContext.

When building QtWebKit in release mode make sure that QT_SHARED is defined;
otherwise none of the public API will be exported. This leads to missing
symbols and link errors if hidden-visibility is used.

We were ignoring the clip rectangle passed as parameter, which is
wrong in the case of non coalesced expose events. This, in turn,
uncovers the fact that we were not applying coordinate translation
to our position.

Make update-webkit-support-libs fail if WebKitSupportLibrary.zip is present but out of date

Reviewed by Alexey Proskuryakov.

Scripts/update-webkit-support-libs: Changed to use
dieAndInstructToDownload when the zip file doesn't exist. Added an MD5
check to make sure the file is up-to-date. If it is out of date, print
an error message and quit.
(sub dieAndInstructToDownload): Added. Prints an error message and
quits with an error.

platform/graphics/mac/MediaPlayerPrivateQTKit.mm:
(WebCore::MediaPlayerPrivate::MediaPlayerPrivate): Initialize m_rect.
(WebCore::MediaPlayerPrivate::createQTMovieView): setRect -> setSize.
(WebCore::MediaPlayerPrivate::setSize): Changed from setRect
(WebCore::MediaPlayerPrivate::paint): Call view:setFrame: when in a media document so
the movie is drawn in the correct location.

The issue here is empty (or null) URLs. I picked the "schedule navigation" bottleneck
to add some checks for empty URLs. We could also put the empty URL checks at some
other bottleneck level and add more assertions over time. I tried adding a few more
assertions to functions like loadURL and hit them while running the regression tests,
so it's probably going to be a bit tricky to clean this up throughout the loader.

loader/FrameLoader.cpp:
(WebCore::ScheduledRedirection::ScheduledRedirection): Explicitly marked this struct
immutable by making all its members const. Added assertions about the arguments,
including that the URL is not empty. Initialized one uninitialized member in one of
the constructors.
(WebCore::FrameLoader::scheduleHTTPRedirection): Added an early exit to make this
a no-op if passed an empty URL.
(WebCore::FrameLoader::scheduleLocationChange): Ditto.
(WebCore::FrameLoader::scheduleRefresh): Ditto.

The new test manipulates all the properties of the location object on a new window which
has no location yet. I tested Firefox too and added comments about how its behavior differs
from WebKit. At some point we may want to tweak our behavior to be a bit closer to theirs,
or check IE's behavior or if HTML 5 or some other W3 specification has something to say
about this, but for now the main purpose of the test is to verify we don't crash.

This change creates a new break iterator "cursorMovementIterator" for
moving cursors and uses it when moving an input cursor.
In "TextBreakIteratorICU.cpp", this break iterator uses a custom ruleset
based on that of ICU 3.8.
On the other hand, in "TextBreakIteratorQt.cpp", this break iterator
just calls the characterBreakIterator() function.

Test: editing/inserting/insert-thai-characters-001.html

platform/text/TextBreakIterator.h: Added a new function cursorMovementIterator().